一次lvs迁移记录

需求:从117.119.33.99迁移到122.14.206.125,lvs为dr模式,系统版本为debian7

1、安装lvs和keepalived

# aptitude install -y ipvsadm keepalived
# /etc/init.d/ipvsadm start
# update-rc.d ipvsadm enable
# /etc/init.d/keepalived start
# update-rc.d keepalived enable

2、修改配置文件

主配置文件使用了include进行拆分

# vim keepalived.conf

include  /etc/keepalived/vi_bgp_VI1_yizhuang.inc
include  /etc/keepalived/vi_bgp_VI2_yizhuang.inc
#include  /etc/keepalived/vs_pub_yizhuang.inc
include  /etc/keepalived/vs_web1_yizhuang.inc
include  /etc/keepalived/vs_newad_yizhuang.inc
include  /etc/keepalived/vs_public1_yizhuang.inc
include  /etc/keepalived/vs_turbo2sdk_yizhuang.inc
#include  /etc/keepalived/vs_china-max_yizhuang.inc
include  /etc/keepalived/vs_dsproxy_yizhuang.inc
#include  /etc/keepalived/vs_china-max6_yizhuang.inc
include  /etc/keepalived/vs_china-turbo-2_yizhuang.inc
include /etc/keepalived/vs_cms_yizhuang.inc

节点角色配置,master和backup节点仅该文件不同,其他配置完全一样,可以用rsync同步

# vim state_VI1.conf

#uy-s-07
     state MASTER
     priority 150
#uy-s-45
#    state BACKUP
#    priority 100

# vim state_VI2.conf

#uy-s-07
     state BACKUP
     priority 100
#uy-s-45
#    state MASTER
#    priority 150

vrrp实例配置

# vim vi_bgp_VI1_yizhuang.inc

# VRRP instance that carries the service VIPs on eth0. The node role
# (state / priority) is pulled in from the per-node state_VI1.conf include.
vrrp_instance VII_1 {
    virtual_router_id 102
    interface eth0
    include /etc/keepalived/state_VI1.conf
    preempt_delay 120
    garp_master_delay 0
    garp_master_refresh 5
    # NOTE(review): IPVS sync-daemon messages are not authenticated, and eth0
    # also carries the public VIPs here; consider a dedicated interface —
    # confirm against the actual network layout.
    lvs_sync_daemon_interface eth0
    # NOTE(review): auth_type PASS puts auth_pass in clear text in every VRRP
    # advertisement, and keepalived uses only its first 8 characters. It
    # protects against misconfiguration, not against a host on the same L2
    # segment. Use a per-site value that is not published, and restrict VRRP
    # (IP protocol 112) to the peer director at the host firewall.
    authentication {
        auth_type PASS
        auth_pass opsdk
    }

    virtual_ipaddress {
        #web1 in yizhuang
        122.14.206.128

        #pub in yizhuang
        122.14.206.127

        #new ad in yizhuang
        122.14.206.126

        #new wood water in yizhuang
        122.14.206.125

        #turbo2sdk in yizhuang
        122.14.206.122

        #china-max in yizhuang
        122.14.206.121

        #china-max6 in yizhuang
        122.14.206.120

        #china-max6 in yizhuang
        122.14.206.119

        #china-turbo-2 in yizhuang
        122.14.206.118
    }
}

# vim vi_bgp_VI2_yizhuang.inc

# Second VRRP instance on eth0 with a single VIP. The node role
# (state / priority) is pulled in from the per-node state_VI2.conf include.
vrrp_instance VII_2 {
    virtual_router_id 202
    interface eth0
    include /etc/keepalived/state_VI2.conf
    preempt_delay 120
    garp_master_delay 0
    garp_master_refresh 5
    # NOTE(review): IPVS sync-daemon messages are not authenticated, and eth0
    # also carries the public VIP here; consider a dedicated interface —
    # confirm against the actual network layout.
    lvs_sync_daemon_interface eth0
    # NOTE(review): auth_type PASS puts auth_pass in clear text in every VRRP
    # advertisement, and keepalived uses only its first 8 characters. Use a
    # per-site value that is not published, and restrict VRRP (IP protocol
    # 112) to the peer director at the host firewall.
    authentication {
        auth_type PASS
        auth_pass opsdk
    }

    virtual_ipaddress {
        #duanzi in yizhuang
        122.14.206.117
    }
}

virtual_server配置

# vim vs_public1_yizhuang.inc

###122.14.206.125:80 122.14.206.125:80 public1###

virtual_server 122.14.206.125 80 {
    lb_algo sh
    lb_kind DR
    persistence_timeout 0
    delay_loop 20
    protocol TCP

    # uy04-04 has address 122.14.206.140
    real_server 122.14.206.140 80 {
        weight 10
        TCP_CHECK {
            connect_timeout 10
        }
    }

    # uy04-05 has address 122.14.206.141
    real_server 122.14.206.141 80 {
        weight 10
        TCP_CHECK {
            connect_timeout 10
        }
    }

    # uy07-01 has address 122.14.206.143
    real_server 122.14.206.143 80 {
        weight 10
        TCP_CHECK {
            connect_timeout 10
        }
    }

    # uy07-02 has address 122.14.206.144
    real_server 122.14.206.144 80 {
        weight 10
        TCP_CHECK {
            connect_timeout 10
        }
    }

    # uy07-05 has address 122.14.206.146
    real_server 122.14.206.146 80 {
        weight 10
        TCP_CHECK {
            connect_timeout 10
        }
    }


    # uy07-06 has address 122.14.206.147
    real_server 122.14.206.147 80 {
        weight 10
        TCP_CHECK {
            connect_timeout 10
        }
    }
}

###122.14.206.125:443 122.14.206.125:443 public1###

virtual_server 122.14.206.125 443 {
    lb_algo sh
    lb_kind DR
    persistence_timeout 0
    delay_loop 20
    protocol TCP

    # uy01-01 has address 122.14.206.140
    real_server 122.14.206.140 443 {
        weight 10
        TCP_CHECK {
            connect_timeout 10
        }
    }

    # uy01-02 has address 122.14.206.141
    real_server 122.14.206.141 443 {
        weight 10
        TCP_CHECK {
            connect_timeout 10
        }
    }

    # uy01-03 has address 122.14.206.143
    real_server 122.14.206.143 443 {
        weight 10
        TCP_CHECK {
            connect_timeout 10
        }
    }

    # uy01-04 has address 122.14.206.144
    real_server 122.14.206.144 443 {
        weight 10
        TCP_CHECK {
            connect_timeout 10
        }
    }

    # uy01-05 has address 122.14.206.146
    real_server 122.14.206.146 443 {
        weight 10
        TCP_CHECK {
            connect_timeout 10
        }
    }

    # uy01-06 has address 122.14.206.147
    real_server 122.14.206.147 443 {
        weight 10
        TCP_CHECK {
            connect_timeout 10
        }
    }
}

# vim vs_dsproxy_yizhuang.inc

###122.14.206.125:2012 122.14.206.125:2012 dsproxy###

# UDP service on the VIP, round-robin across two real servers in DR mode.
# Each MISC_CHECK probes the 192.168.10.x backend named in the comment above
# it, not the real_server address itself.
# NOTE(review): MISC_CHECK scripts run with keepalived's privileges
# (presumably root here). Keep UDP_CHECK.sh root-owned and not writable by
# group/other. Newer keepalived releases offer script_user and
# enable_script_security in global_defs — confirm for the installed version.
virtual_server 122.14.206.125 2012 {
    lb_algo rr
    lb_kind DR
    persistence_timeout 0
    delay_loop 20
    protocol UDP

    # uy04-10-v09 has address 192.168.10.88
    real_server 122.14.206.141 2012 {
        weight 5
        MISC_CHECK {
            misc_path "/etc/keepalived/UDP_CHECK.sh 192.168.10.88 2012"
            misc_timeout 10
        }
    }

    # uy01-02-v12 has address 192.168.10.89
    real_server 122.14.206.140 2012 {
        weight 5
        MISC_CHECK {
            misc_path "/etc/keepalived/UDP_CHECK.sh 192.168.10.89 2012"
            misc_timeout 10
        }
    }
}

udp检测脚本

# vim /etc/keepalived/UDP_CHECK.sh

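#!/bin/bash
#
# keepalived MISC_CHECK helper: probe a UDP port with netcat.
# Arguments: $1 - numeric IP address to probe (nc runs with -n, so no DNS)
#            $2 - UDP port number
# Returns:   0 when nc reports the port as "open", non-zero otherwise
#            (keepalived treats non-zero as a failed check).
#
# NOTE(review): for UDP, nc -z typically reports "open" whenever no ICMP
# port-unreachable comes back, so a firewall that drops ICMP can make a dead
# backend look healthy. An application-level probe is more trustworthy.

# Reject a wrong argument count, a host that nc would parse as an option,
# and a non-numeric port before anything reaches the nc command line.
if [[ $# -ne 2 || "$1" == -* || ! "$2" =~ ^[0-9]+$ ]]; then
  printf 'usage: %s <ip> <udp-port>\n' "${0##*/}" >&2
  exit 1
fi

# nc prints its verdict on stderr, hence 2>&1; the exit status is grep's.
/bin/nc -unvz -w 1 "$1" "$2" 2>&1 | grep -q open
exit $?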

配置文件同步及服务重载脚本,这里使用了git管理配置文件

# vim rsync2backup.sh

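#!/bin/bash
#
# Commit the keepalived configuration to git, reload the local keepalived,
# then mirror the configuration to the backup director and reload it there.
#
# Not copied to the peer: the .git directory, the per-node state*.conf files
# and this script itself.
#
# NOTE(review): the git history and the rsync stream both contain the VRRP
# auth_pass from the *.inc files; keep the repository local to the directors
# and do not push it to a shared remote.

set -euo pipefail

readonly CONF_DIR=/etc/keepalived
readonly PEER=192.168.1.250

# Enter the config directory first: git must operate on this tree, and
# rsync --delete must never run from whatever directory the caller was in.
cd -- "$CONF_DIR" || { printf 'cannot cd to %s\n' "$CONF_DIR" >&2; exit 1; }

git add -- ./*
# git commit exits non-zero when there is nothing to commit; skip it in that
# case so a no-op run still syncs and reloads instead of aborting under -e.
if [[ -n "$(git status --porcelain --untracked-files=no)" ]]; then
  git commit -a -m "commit on: $(date '+%F %T')"
fi

# Reload locally before touching the peer; under set -e a failing reload
# stops the script, so a rejected config is not pushed to the backup.
# NOTE(review): the init script may return 0 even for a bad config — on
# keepalived builds that have a config-test mode, run it before this line.
/etc/init.d/keepalived reload

# Quote the glob so the pattern reaches rsync instead of the shell.
rsync -avz --delete \
  --exclude=.git \
  --exclude='state*.conf' \
  --exclude=rsync2backup.sh \
  ./ "${PEER}:${CONF_DIR}/"

ssh "$PEER" '/etc/init.d/keepalived reload'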

3、配置Real Server,这里有6台Real Server

a、在lo网卡上配置vip

# ifconfig lo:125 122.14.206.125 netmask 255.255.255.255 up

# vim /etc/network/interfaces
auto lo:125
iface lo:125 inet static
address 122.14.206.125
netmask 255.255.255.255

b、修改arp内核参数(下面的列表同时包含ip_forward和conntrack参数;ip_forward只有c步骤中做DNAT转发的那两台Real Server才需要,其余Real Server不必开启)

# vim /etc/sysctl.conf
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.ip_forward = 1
net.ipv4.nf_conntrack_max = 2048000
net.netfilter.nf_conntrack_max = 2048000

# sysctl -p

c、挑两台Real Server为udp服务设置iptables转发规则(注意:iptables-save只是把当前规则打印到标准输出,需要重定向保存到文件并在开机时用iptables-restore恢复,规则才能在重启后保留)

# iptables -t nat -I PREROUTING -d 122.14.206.125 -p udp --dport 2012 -j DNAT --to 192.168.10.88:2012
# iptables -t nat -I POSTROUTING -p udp --dport 2012 -j SNAT --to-source 122.14.206.125

# iptables -vnL -t nat
# iptables-save

4、重载服务

# /etc/init.d/keepalived reload

这里可以使用同步脚本

5、查看lvs规则

# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=1048576)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  122.14.206.125:80 sh
  -> 122.14.206.140:80            Route   10     37942      5108
  -> 122.14.206.141:80            Route   10     37034      5506
  -> 122.14.206.143:80            Route   10     46782      5907
  -> 122.14.206.144:80            Route   10     37518      5844
  -> 122.14.206.146:80            Route   10     37340      4928
  -> 122.14.206.147:80            Route   10     46501      6221
TCP  122.14.206.125:443 sh
  -> 122.14.206.140:443           Route   10     3999       4061
  -> 122.14.206.141:443           Route   10     3904       3692
  -> 122.14.206.143:443           Route   10     5116       4551
  -> 122.14.206.144:443           Route   10     4529       4298
  -> 122.14.206.146:443           Route   10     3944       3685
  -> 122.14.206.147:443           Route   10     3916       3719
UDP  122.14.206.125:2012 rr
  -> 122.14.206.140:2012          Route   5      0          260
  -> 122.14.206.141:2012          Route   5      0          261

6、修改本地hosts,将域名指向新的vip在本地测试,这里略过

7、确认没问题就可以切换dns了,修改dns然后重载dns服务

# vim oupeng.com.zone.ALL
;outspot6-yizhuang      IN      A       117.119.33.99 ;117.119.33.11,117.119.33.12,117.119.33.13,117.119.33.14,117.119.33.41
outspot6-yizhuang       IN      A       122.14.206.125 ;122.14.206.140,122.14.206.141,122.14.206.143,122.14.206.144,122.14.206.146,122.14.206.147

至此,迁移就全部完成了,可以尝试访问一下lvs代理的服务确认一切正常。
